Relaying-tab

The SMTP Service, Relaying tab:

Use SMTP User Authentication

If this SMTP AUTH option is enabled, all connecting clients - local or remote - must authenticate to relay mail through this SMTP service instance. Authentication is performed using the user’s username and password on the Properties Tab of the User Properties Dialog, accessed via User Manager. The “Relay Mail beyond this server” control on the Privileges Tab of the User Properties Dialog must also be enabled. Two authentication methods are provided, CRAM-MD5 and plain LOGIN.

Relay for machines recently collecting POP3 mail

Enable this option to permit connecting clients to authenticate themselves for relaying purposes by making a successful POP3 connection to a User Mailbox which is hosted on Mailtraq. This option may be used in conjunction with other relaying options. After authentication, users can relay for approximately five minutes. This facility is often referred to as POP-before-SMTP.

If neither of the above options is enabled, Mailtraq processes all relaying attempts through the following two options, 'relay for non-local senders' and 'relay for client machines', in serial. The effect of the relaying rules being applied in serial is that the forward path of an inbound SMTP message envelope must negotiate both controls, either of which may reject the message, before relaying is permitted.

Relay for client machines outside this LAN

If this option is disabled, the default setting, Mailtraq refuses to relay messages from non-local IP addresses, i.e. those not defined in the LAN Firewall, if the destination domain of the message does not appear in either Domain Name or Domain Aliases.

If this option is enabled, Mailtraq permits relaying of messages from non-local IP addresses. This option MUST NOT be enabled if the Mailtraq installation is sending and receiving Internet messages.

Relay for non-local senders

If this option is disabled, Mailtraq refuses to relay messages from non-local senders, i.e. those using domains which do not appear in either Domain Name or Domain Aliases.

If this option is enabled, the default setting, Mailtraq permits relaying of messages from any source domain.

Relaying Summary

The installation defaults, 'relay for client machines' unchecked and 'relay for non-local senders' checked:

- allow local users, i.e. those whose IP addresses appear in the LAN firewall, to send mail to remote destinations without constraining the address(es) used in From: headers

- deny non-local users, i.e. those whose IP addresses do not appear in the LAN firewall, the ability to send mail to remote destinations, regardless of the originating domain.
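The serial evaluation of the two controls described above, modelled as an added example (this is not Mailtraq's own code). It assumes that mail addressed to a local domain is not treated as relaying, it leaves out SMTP AUTH, POP-before-SMTP and the 'always allow' lists, and all names, addresses and domains in it are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class RelayConfig:
    lan_firewall: list                   # CIDR ranges treated as local (constructed)
    local_domains: set                   # Domain Name plus Domain Aliases (constructed)
    relay_outside_lan: bool = False      # 'Relay for client machines outside this LAN'
    relay_nonlocal_senders: bool = True  # 'Relay for non-local senders'

def domain_of(address):
    """Domain part of an envelope address, lower-cased ('' for a null sender)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def relay_decision(cfg, client_ip, mail_from, rcpt_to):
    """Return (allowed, reason) for one envelope; both controls must pass."""
    if domain_of(rcpt_to) in cfg.local_domains:
        return True, "local delivery, not a relay"   # assumption, see lead-in
    # Control 1: sender domain must be local unless the option is enabled.
    if not cfg.relay_nonlocal_senders and domain_of(mail_from) not in cfg.local_domains:
        return False, "rejected by 'relay for non-local senders'"
    # Control 2: client IP must be in the LAN firewall unless the option is enabled.
    ip = ipaddress.ip_address(client_ip)
    local_client = any(ip in ipaddress.ip_network(net) for net in cfg.lan_firewall)
    if not cfg.relay_outside_lan and not local_client:
        return False, "rejected by 'relay for client machines'"
    return True, "relayed"

def is_open_relay(cfg, probe_ip="203.0.113.9"):
    """True if an outside client with an outside sender can reach a remote domain.
    probe_ip is a documentation-range address assumed not to be in the LAN firewall."""
    allowed, _ = relay_decision(cfg, probe_ip, "a@outside.test", "b@elsewhere.test")
    return allowed

if __name__ == "__main__":
    defaults = RelayConfig(["192.168.0.0/24"], {"example.com"})
    risky = RelayConfig(["192.168.0.0/24"], {"example.com"}, relay_outside_lan=True)
    for name, cfg in (("installation defaults", defaults), ("outside-LAN relay on", risky)):
        print(name, "-> open relay:", is_open_relay(cfg))
```
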

Always allow relaying from these senders

Tick the checkbox to enable this facility and enter the addresses of remote hosts which are always permitted to relay mail through this instance of the SMTP Service. The default for this option is unchecked because it is inherently insecure and should only be enabled if access to this instance of the SMTP service is restricted to non-Internet hosts via its Access Control Tab.

Configuration tip:

To prevent a user from being able to 'Relay beyond this Server' while still allowing them to send emails to other internal users, enable this dialog and then enter:

*@example.com
~not.this.person@example.com

where example.com is the domain Mailtraq controls.

Always allow relaying to these recipients

Tick the checkbox to enable this facility and enter the addresses of remote or local recipient mail hosts to which any sender is always permitted to relay mail via this instance of the SMTP Service. The default for this option is unchecked. Use of this option should be carefully monitored to ensure that mail is forwarded only to authorised hosts and that the recipient hosts also do not relay, which would cause your installation of Mailtraq to be included unwittingly in an unauthorised relay chain.